Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Senior M$ member says stop using passwords completely!
From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 20 Oct 2004 10:45:41 -0700

On 16 Oct 2004, at 07:46, Tim wrote:
"Pre-computation attacks are a somewhat new and interesting phenomenon
we are starting to encounter 'in the wild' through chainsaw security
consultants. What they do is they pre-compute all of the possible LM or NT password hashes of a given length with a given character set and burn
the pre-computed password-hash-to-password-mappings to DVD.  Heck they
can even submit their request to have your password hash reversed back
into a password using a web page someone has setup to do the job for you
(sorry, not going to give out THAT URL here.) . . . for free!"

To save everyone the looking:


Attachment: PGP.sig
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]